I know this is a little late to the party. But I do think spammers monitor this list. A few weeks back I posted some IP addresses that I was receiving spam from. I have not received a single spam from those servers since, but other users/domains on my server have.
I have them spamtrapped so I can monitor the volume. Not a good idea to post whitelists to a spam-filtering user list.

Kevin Bilbee

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
> Sent: Monday, September 15, 2003 4:42 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] OBFUSCATION filter
>
> Hi Bill:
> You are right... No disagreement here.
>
> We had negative MAILFROM but it was being abused like crazy. We were
> getting so much spam from faked addresses. We now have a negative list
> for mailing lists and at times we see email coming through.
>
> REVDNS whitelist has worked well and we have not yet seen any abuses - but
> as a rule I agree with you it can be abused.
>
> Since someone asked about our whitelist - here it is (these are the general
> items - we have in this list some of our clients with screwed up server
> setups but are taken out in this list). This goes in the Global.cfg file.
>
> WHITELIST REVDNS .airborne.com
> WHITELIST REVDNS .amazon.com
> WHITELIST REVDNS .audible.com
> WHITELIST REVDNS .bestfares.com
> WHITELIST REVDNS .cnet.com
> WHITELIST REVDNS .dell.com
> WHITELIST REVDNS .dowjones.com
> WHITELIST REVDNS .ebay.com
> WHITELIST REVDNS .equifax.com
> WHITELIST REVDNS .fedex.com
> WHITELIST REVDNS .gartner.com
> WHITELIST REVDNS .getactive.com
> WHITELIST REVDNS .hertz.com
> WHITELIST REVDNS .house.gov
> WHITELIST REVDNS .ibm.com
> WHITELIST REVDNS infoworld.wc09.net
> WHITELIST REVDNS .ipswitch.com
> WHITELIST REVDNS .j2.com
> WHITELIST REVDNS .kintera.com
> WHITELIST REVDNS .looksmart.com
> WHITELIST REVDNS .luxurylink.com
> WHITELIST REVDNS .macromedia.com
> WHITELIST REVDNS .microsoft.com
> WHITELIST REVDNS .microsoft.m0.net
> WHITELIST REVDNS .moveon.org
> WHITELIST REVDNS .msnbc.com
> WHITELIST REVDNS .nytimes.com
> WHITELIST REVDNS .officemax.com
> WHITELIST REVDNS .openitx.com
> WHITELIST REVDNS .oracle.com
> WHITELIST REVDNS .paypal.com
> WHITELIST REVDNS .philanthropy.com
> WHITELIST REVDNS .schwab.com
> WHITELIST REVDNS .sears.com
> WHITELIST REVDNS .shockwave.com
> WHITELIST REVDNS .thawte.com
> WHITELIST REVDNS .travelzoo.com
> WHITELIST REVDNS .truste.org
> WHITELIST REVDNS .ups.com
> WHITELIST REVDNS .usairways.com
> WHITELIST REVDNS .veritas.com
> WHITELIST REVDNS .zd-swx.com
>
> Regards,
> Kami
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
> Sent: Sunday, September 14, 2003 10:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] OBFUSCATION filter
>
> Kami, the only reason I mentioned PayPal to Matt was because I figured he
> would be tracking FPs regarding his Obfuscation test. The PayPal message in
> question here did get delivered without user intervention, however, it was
> not due to PayPal being whitelisted.
>
> I don't like to whitelist anything except "TO" addresses, since anything
> else that is whitelisted can be abused, including RDNS. Instead, we apply a
> high enough negative weight to three primary filter tests (HELO, RDNS &
> MAILFROM) to trusted mailers so that they will generally pass with an
> acceptable weight and get delivered without user intervention; however,
> anything sent by a spammer abusing these trusted mailer addresses will still
> likely get caught because they probably will not pass all three of these
> primary tests, and will most likely fail other JunkMail tests, as well.
>
> When something is whitelisted, no other tests can be run against these
> messages and they simply get delivered, no matter what. However, if you
> instead apply a minimal negative weight to multiple tests, forged e-mail
> will still likely get caught and not delivered.
>
> Using PayPal as an example, if you whitelist RDNS, or MailFrom, or HELO,
> etc., if a spammer happens to forge their messages using any of these, their
> spam gets delivered, no matter what other tests it might have failed.
> However, if you instead apply minimal negative weights like:
>
> MAILFROM -5 ENDSWITH .paypal.com
> REVDNS -5 ENDSWITH .paypal.com
> HELO -5 ENDSWITH .paypal.com
>
> This gives legitimate PayPal e-mail a total negative of -15, which will most
> likely allow it to be delivered, even if it fails a couple of other tests.
> However, the likelihood of a spammer being able to successfully meet all
> three of these criteria is highly unlikely, and even if they did, there are
> still all of the other spam tests that JunkMail supports that we can run
> against these messages and still probably block its delivery. It basically
> gives a fighting chance against forging spammers who attempt to abuse
> spam-test whitelists.
>
> Just my 2 cents...
>
> Bill
>
> ----- Original Message -----
> From: "Kami Razvan" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, September 14, 2003 6:04 PM
> Subject: RE: [Declude.JunkMail] OBFUSCATION filter
>
> > Bill:
> >
> > We have a lot of these well known sites in our whitelist as REVDNS.
> >
> > WHITELIST REVDNS .paypal.com
> >
> > Paypal has been there for ages, same with eBay, IBM, Oracle, etc. The
> > REVDNS is an almost foolproof way of letting paypal come through without
> > worrying about anything.
> >
> > Regards,
> > Kami
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
> > Sent: Sunday, September 14, 2003 3:44 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Declude.JunkMail] OBFUSCATION filter
> >
> > Just an FYI, I've added:
> >
> > MAILFROM -7 ENDSWITH paypal.com
> >
> > to the "Test Exclusions", as it was flagged by the Obfuscation test.
> >
> > Bill
> > ----- Original Message -----
> > From: "Matthew Bramble" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, September 14, 2003 12:27 PM
> > Subject: Re: [Declude.JunkMail] OBFUSCATION filter
> >
> > > Thanks Bill. And I've got a few more in me I believe :)
> > >
> > > Matt
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list. To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
> > "unsubscribe Declude.JunkMail". The archives can be found at
> > http://www.mail-archive.com.
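
Bill Landry's whitelist-versus-negative-weight argument from the thread above, worked through as an added example (not part of the original messages and not Declude's code): a simplified Python model that scores one legitimate and one forged message both ways. The three -5 rules are the ones quoted in the thread; the hold threshold, the sample messages and the weights of the other failed tests are assumptions.

```python
from dataclasses import dataclass, field

# Weights quoted in the thread: (envelope field, weight, required suffix).
TRUSTED_RULES = [
    ("mailfrom", -5, ".paypal.com"),
    ("revdns", -5, ".paypal.com"),
    ("helo", -5, ".paypal.com"),
]
HOLD_WEIGHT = 10  # assumption: total weight at which a message is held


@dataclass
class Message:
    mailfrom: str
    revdns: str
    helo: str
    # Weights of the other tests this message failed (constructed values).
    failed_tests: dict = field(default_factory=dict)


def matches(msg, fld, suffix):
    return getattr(msg, fld).lower().endswith(suffix)


def weighted_verdict(msg, rules=TRUSTED_RULES):
    """Negative weights: every test still runs and adds to one total."""
    total = sum(msg.failed_tests.values())
    total += sum(w for fld, w, suffix in rules if matches(msg, fld, suffix))
    return ("hold" if total >= HOLD_WEIGHT else "deliver"), total


def whitelist_verdict(msg, fld="mailfrom", suffix=".paypal.com"):
    """Whitelist as described in the thread: a match skips all other tests."""
    if matches(msg, fld, suffix):
        return "deliver", None
    return weighted_verdict(msg, rules=[])


# Constructed samples: hostnames, addresses and test weights are made up.
LEGIT = Message("billing@mail.paypal.com", "out1.mail.paypal.com",
                "out1.mail.paypal.com", {"OBFUSCATION": 7})
FORGED = Message("billing@mail.paypal.com", "host7.example.net",
                 "localhost", {"OBFUSCATION": 7, "OTHER_TEST": 10})

if __name__ == "__main__":
    for name, msg in (("legit", LEGIT), ("forged", FORGED)):
        print(name, "whitelist:", whitelist_verdict(msg),
              "weighted:", weighted_verdict(msg))
```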
